Presentation on theme: "1 Why Are We Here Together Introduce Myself Because of the many incidents throughout the country and at universities in particular of identity theft and."— Presentation transcript:
1 Why Are We Here Together Introduce Myself Because of the many incidents throughout the country and at universities in particular of identity theft and security breaches CUNY has made a security course available on line. Because that course was commercially developed it was designed on a corporate and factory model. I was tasked to create a revised presentation which would be relevant to the college and university environment in general, and QCC in specific. he University wants everyone to become aware of the dangers of the problem and how to protect yourself and your computers at home and at work CUNY wants to make sure that QCC and all colleges are taking this seriously By taking the course together we can answer questions that may arise for you Booklet A little more than an hour – if anyone has to leave to make a class just do so Play Video CCNY – Open With VLC
2 Some Recent Headlines Computer Containing 7,000 CUNY Students Personal Information Stolen Weeks Ago (City College, Daily News, 9/7/10) Laptop Lost or Stolen U.S. Workers on Alert After Breach of Data (New York Times, 11/6/10) 12,000 affected; 1-yr credit reporting; $25,000 id theft insurance Security Breach Leaves 45,000 at Risk of Identity Theft (Cornell, Cornell Daily Sun, 6/24/09 Stolen Laptop; college providing credit reporting and id theft insurance University of Virginia victim of $996,000 cyber attack (eweek.com 9/3/10) Saint Anselm College Alumni Mailing Exposed SSN (9/17/10) Service members Face Identity Theft (New York Times, 12/7/10) SSN Hijacked
3 Get Started on the Security Course 1. This course will help you in the office and especially with your home computer to help you from becoming a victim of identity theft and cyber attacks on your computer. About the film you just saw about City College : YOU MAY HAVE THOUGHT THAT A PASSWORD PROTECTED COMPUTER WAS SAFE. BUT THE HARD DRIVE CAN BE REMOVED AND INSTALLED IN ANOTHER COMPUTER AND THE DATA RETRIEVED. Head of Office will be responsible to the students and public. 2. Go to the site: –http://security.cuny.eduhttp://security.cuny.edu 3. Click on the lock You should be directed to the site: http://www.enterprisetraining.com/cunycourse.htm 4.Enter Name, Email Address, for code, select “None”; from dropdown “Your Role at CUNY” select from among Student, CUNY Faculty Member, or CUNY Employee; from dropdown select Queensborough Comm College 5.Click on Proceed to CUNY Security Awareness Course
4 Identity Theft Fastest Growing Crime in America Avoid being a victim by adopting safeguards while handling sensitive personal information Ask if anyone here has been a victim of identity theft Skip “Understand Information” and go to “Identify the Need for Cybersecurity after presenting Information Security Two Pages
5 Information Security Safeguarding information from: 1.Misuse 2.Theft 3.Loss 4.Damage ONE OF TWO PAGES RELATING TO SLIDE NO SLIDE CONTINUE NEXT PAGE
6 Information Security Safeguard Information – Insure: Confidentiality (Transport data securely with encryption) Integrity Availability to Authorized Users (CUNY First passwords) If your computer is compromised it can compromise all linked computers Why do we have Passwords? GO TO IDENTIFY THE NEED FOR CYBER SECURITY
7 Cyber Security Is the protection of data and systems connected to the internet Deter – Detect – Defend Against Information Theft Attacks Desktops, laptops, cell phones, wireless gadgets, PDA’s’s Proliferation due to the increased use of the internet THERE ARE TWO CYBER SECURITY SLIDES AND A PAGE OF COMMENTARY FOR EACH
8 Cyber Security Safeguards reduce the risks and minimize the damage that can be caused by cyber attacks –Precautions must be taken in using social networking, e.g., Facebook, YouTube, and Twitter HOLD THE NEXT SLIDE UNTIL AFTER CYBER SECURITY AT QCC COMMENTARY How many of you are on Facebook? It makes its money by selling your information
9 Computer Security is Everyone’s Job Your QCC desktop attached to the campus network has: McAfee VirusScan Enterprise software that guards against threats Internal Firewall security Fireeye anti-spyware, a gateway appliance, to protect computer from being taken over by external sources Barracuda, another gateway appliance, to remove malware and virus coming from external websites McAfee software to remove external spam External Firewall wraparound security for campus wired and wireless network Central Office has its own security in place
10 Social Engineering Exploits Can provide an end-run around the most extensive security barriers Type of attack on sensitive information Targets individuals not equipment Requires individuals to take action for its success Uses trickery and deceit Often presents a deceitful link No one connected with CUNY will ever ask for your password Show security headlines document HOLD FOR 4 SLIDES TO FINISH
11 Phishing A social engineering exploit An internet scam Designed to gain access to Social Security Numbers Credit Card Numbers Passwords Often asks you to respond to email to provide updated information Do not respond to such request; do not click on any links Responding indicates that the email account they located belongs to a real address and person Robocalls READ EPSILON LETTER CHASE
12 Pharming The creation of a fraudulent website that embodies real web pages to obtain confidential information -Study web address -Legitimate secure sites should have “https” in their web address and the icon of a lock on the status bar -If you receive a message “This Connection is Untrusted” from your browser do not proceed N.B. OPEN IN A NEW TAB
13 Spoofing An email that pretends to come from a trusted source or one known to you An email threat that seeks to gain confidential information for fraudulent purposes Seeks information for identity theft Often in the guise of a PRIZE or AWARD that requires your social security number or credit card information Can be the result of hijacking of one’s email address book At QCC a dean recently had to send out this message after her email address book was hijacked: “Someone got into my password and sent a message entitled ‘Hello, Friend’ – please disregard. Sorry for the inconvenience.” SECTION AT BACK OF BOOKLET WITH EXAMPLES
14 After “Identify Social Engineering Exploits” go to “Strengthen Desktop Security”. Present Guidelines for a Strong Password Present Password Protect Your Screen Saver and Demonstrate at the Desktop
15 Guidelines for a Strong Password Use at least seven (7) characters Use combination of upper case and lower case letters, numbers, and symbols Try to place a symbol after the first character A new password should be significantly different from your current password Do not use common words, your name, or other words that people associate with you Hackers know that users typically start a password with a capital letter and end with the number 1. Do not follow this pattern. Paula = Daedelus = 1)@eXw3.
16 Password Protect Your Screen Saver If you step away from your desk while your computer is on, your information will not be accessible to anyone To password protect your computer right click an empty space on the desktop, select properties, select screen saver, check “on resume, password protect” You may select and adjust the number of minutes before screen locks When locked you will see message “This Computer is in Use and has been locked” Control + ALT + Delete Enter your desktop password GO TO DESKTOP and RIGHT CLICK PERSONALIZE
Password Protect Your Smart Phone You can and should password protect your smart phone in which you can send and receive email and surf the internet. In which you have contact information The Iphone, Android, and Blackberry phones have this feature. If the phone is lost a third party cannot readily access your data. 17
18 Downloading Software Guidelines Downloading copyright protected files off the internet is an infringement of the copyright owner’s exclusive rights of reproduction and/or distribution and is very dangerous to your computer Files which can be downloaded over peer-to-peer networks, e.g., BitTorrent, are primarily copyrighted works Authorized services that allow copyrighted works to be purchased online, e.g., ITunes, eliminate the risk of infringement Authorized services can also limit the exposure to other potential risks like viruses and spyware If the use is business related, a college or university software agreement may exist We recommend that you do not download to your college computer software that is not work related. The only software on your office computer should be supplied by QCC Be very careful in deciding to download software to your home computer
19 Encryption/Decryption A type of file protection that disguises the file contents File cannot be read by unauthorized users who have not been given the key used to encrypt or disguise the contents Sensitive material or private information includes, but is not limited to, social security numbers, driver’s license or non-driver identification card numbers, credit, debit, or other financial account numbers. Sensitive material should never be emailed Sensitive material should never be stored in “the cloud” or with other third party storage systems. If you have need to transmit or receive sensitive material to or from others on campus, IT will install Webdrive encryption software on your computer. If you have need to transmit sensitive material outside of QCC to other CUNY units, or outside of CUNY to other colleges or entities, Tumbleweed software must be used. You can open a Tumbleweed account at the CUNY portal/. Sensitive material may not be taken between campus and home without expressed approval of the Vice President of Finance and Administration Sensitive material may only be transported between campus and home if encrypted. IT will supply encrypted flash drives for the approved use of faculty and administration
20 Disposing and Deleting Sensitive Files (Student Personal Data) Safe Disposal: Erase floppy disks, hard drives, flash drives, and tapes; Shred paper documents; Break CD’s in half. Deleting a file does not erase the data from the computer. It is still retrievable by others. Deleting a file deletes the pointer to the data and not the data itself. To safeguard deleted data from others be sure to empty your cache, and trash or recycle bin. When IT removes your old computer and it is readied for disposal utilities are applied to the computer to totally wipe out data. Go from outline of “Implementing File Security” and discussion of Encyption and Decryption to “Guarding Against Attacks”
21 Defend Against Email Attacks Most security breaches occur via email attachments and surfing websites Almost everyone uses their computer for some form of personal, professional, or institutional email Email attacks can affect one computer or all linked computers
22 Malware Malicious Code Crashes program or computer Loss of data Computer can be controlled by attackers Unauthorized access to sensitive data Internet browser redirected to harmful or dangerous websites
23 Virus A computer program that attaches itself to your computer and replicates itself It may run or lurk in the background Will be on executable files, e.g.,:.Bat.Com.Exe.Scr.Shs
24 Trojan (as in Horse) Malicious program masquerading as harmless Does things user does not expect May locate passwords May destroy programs or data Sneak in with illegal downloads of games, utilities, software, or music
25 SPAM Unsolicited and Unwanted email Can overload mailbox or mail servers May contain viruses, pharming, phishing, or spoofing May direct you to another site Due to filters applied by IT to incoming email to QCC, only a fraction of the spam that you are sent reaches your inbox
26 Virus Hoaxes Never act on emails, even from friends, urging you to delete files or forward emails regarding hoaxes except from QCC IT Security.
27 Hacking Illegal creating or altering hardware and software Illegal hacking destroys or disrupts data May engage in illegal activities on your computer and in your name Vital information falls into the wrong hands Stieg Larsson and Lisbeth Salander 35 million copies
28 Virus Protection Software Your office computer is protected by virus protection software and updates are applied automatically Computer program that identifies and removes malware from your computer Software Engine Virus Definition Files Download Updates Virus Scans check computer for malware Your office computer scans for viruses upon start up Your home computer must be continuously or regularly updated by downloads * Free virus protection software is available to you from the CUNY Portal e- mall. 4 SLIDES – HOLD COMMENTARY UNTIL AFTER VIRUS SCANS Symantec Antivirus Software GO FROM VIRUS SCANS TO BLOCK SPYWARE
29 Spyware Intercepts or takes control of computer Tracks surfing and activities for commercial use Infected computer will be: slow crashes often See pop-ups when not on internet Changes internet sites without your control Often attached to free-to-download “cute” utilities and applications.
30 Block Spyware Use Anti-Spyware Programs Use Pop-Up Blockers Adjust Security Settings for maximum control
31 If your office computer is infected Call the Help Desk – x 6348
Your consent to our cookies if you continue to use this website.